Underground communities attract people interested in illicit activities and easy money-making methods. In this joint talk, we will discuss the role of these forums in two different activities: eWhoring and the use of malware for illicit cryptocurrency mining.
On the one hand, eWhoring is the term used by offenders to refer to an online fraud in which they imitate partners in cyber-sexual encounters. Using all sorts of social engineering skills, offenders aim to scam their victims into paying for sexual material of a third party. We have analysed material and tutorials posted in underground forums to shed light on this previously unknown deviant activity.
On the other hand, illicit crypto-mining uses stolen resources to mine cryptocurrencies for free. This threat is now pervasive and growing rapidly. Our talk will cover how this ecosystem is evolving, how much harm it is causing, and how it can be stopped. Our measurement shows that criminals have illicitly mined about 4.4% of the Monero cryptocurrency (we estimate that this accounts for 58 million USD). We also observe that a considerably small number of actors hold sway over this crime. Furthermore, we note that there is an increasing level of support offered by criminals in underground markets, which allows other criminals to run inexpensive malware-driven mining campaigns. This explains why this threat has grown sharply in 2018.
Guillermo Suarez-Tangil is a Lecturer of Computer Science at King's College London (KCL). His research focuses on systems security and malware analysis and detection. In particular, his area of expertise lies in the study of smart malware, ranging from the detection of advanced obfuscated malware to automated analysis of targeted malware. Before joining KCL, he was a senior research associate at University College London (UCL), where he explored the use of program analysis to study malware. He has also been actively involved in other research directions aimed at detecting and preventing Mass-Marketing Fraud (MMF).
Prior to that, he held a post-doctoral position at Royal Holloway, University of London (RHUL), where he was part of the development team of CopperDroid, a tool to dynamically test malware that uses machine learning to model malicious behaviours. He also has solid expertise in building novel data learning algorithms for malware analysis. He obtained his PhD on smart malware analysis at Carlos III University of Madrid with distinction and received the Best National Student Academic Award, a competitive award given to the best thesis in the field of Engineering between 2014 and 2015 with about a 1% acceptance rate (about 100 Cum Laude theses were invited to compete for the only award).
Sergio Pastrana is Visiting Professor at Universidad Carlos III de Madrid. He received his PhD in June 2014 from the same institution. His thesis analyzed the effectiveness of Intrusion Detection Systems and Networks in the presence of adversaries, and also the problems arising from the use of classical Machine Learning and AI tools in adversarial environments. After completing his PhD, he spent two post-doctoral years working on a research project related to security in the Internet of Things (SPINY). His research focused on the design and evaluation of protocols and systems adapted to the IoT world, as well as attacks and defenses designed for embedded devices.
From October 2016 to October 2018, he worked as a Research Associate (postdoctoral researcher) in the Cambridge Cybercrime Centre at the University of Cambridge. His research focused on the analysis of online communities centred on deviant and criminal topics. His first goal was to gather massive amounts of data from various forums where these communities interact. For that purpose, he developed a web crawler designed with ethical and technical issues at the forefront. The analysis of these data makes it possible to understand how new forms of cybercrime operate, and it has been or is being used by at least 15 research institutions. His research has been published in prestigious international conferences such as WWW, IMC or RAID, and also in high-impact international journals.